From 670a6002b949ebb60f7cb3e5d950e163d9314859 Mon Sep 17 00:00:00 2001 From: "kfraser@localhost.localdomain" Date: Fri, 31 Aug 2007 11:41:49 +0100 Subject: [PATCH] Xen Security Modules: ACM. Signed-off-by: George Coker --- tools/flask/loadpolicy/flask-loadpolicy | Bin 0 -> 17156 bytes tools/libxc/xc_acm.c | 2 +- tools/python/xen/util/xsm/xsm.py | 9 +++ xen/Makefile | 3 +- xen/Rules.mk | 3 +- xen/arch/x86/setup.c | 42 ---------- xen/arch/x86/x86_32/entry.S | 6 +- xen/arch/x86/x86_64/compat/entry.S | 4 +- xen/arch/x86/x86_64/entry.S | 5 +- xen/common/Makefile | 1 - xen/common/domain.c | 11 +-- xen/common/domctl.c | 6 -- xen/common/event_channel.c | 7 -- xen/common/grant_table.c | 7 -- xen/include/acm/acm_hooks.h | 4 - xen/include/public/acm.h | 2 +- xen/include/public/xen.h | 3 +- xen/include/xen/hypercall.h | 13 +--- xen/xsm/Makefile | 1 + xen/{ => xsm}/acm/Makefile | 2 + xen/{ => xsm}/acm/acm_chinesewall_hooks.c | 0 xen/{ => xsm}/acm/acm_core.c | 18 ++++- xen/{ => xsm}/acm/acm_null_hooks.c | 0 xen/{common => xsm/acm}/acm_ops.c | 0 xen/{ => xsm}/acm/acm_policy.c | 0 .../acm/acm_simple_type_enforcement_hooks.c | 0 xen/xsm/acm/acm_xsm_hooks.c | 72 ++++++++++++++++++ 27 files changed, 114 insertions(+), 107 deletions(-) create mode 100755 tools/flask/loadpolicy/flask-loadpolicy create mode 100644 tools/python/xen/util/xsm/xsm.py rename xen/{ => xsm}/acm/Makefile (76%) rename xen/{ => xsm}/acm/acm_chinesewall_hooks.c (100%) rename xen/{ => xsm}/acm/acm_core.c (97%) rename xen/{ => xsm}/acm/acm_null_hooks.c (100%) rename xen/{common => xsm/acm}/acm_ops.c (100%) rename xen/{ => xsm}/acm/acm_policy.c (100%) rename xen/{ => xsm}/acm/acm_simple_type_enforcement_hooks.c (100%) create mode 100644 xen/xsm/acm/acm_xsm_hooks.c 
diff --git a/tools/flask/loadpolicy/flask-loadpolicy b/tools/flask/loadpolicy/flask-loadpolicy new file mode 100755 index 0000000000000000000000000000000000000000..61a0c80b33f0ab48e897c2d065d0cec0142c4844 GIT binary patch literal 17156 zcmcIr33yz^eV=#iWy#X&u(9#MVo6}Iys~83F^+@fLzYE_EhO2PFOcd!O>uF5+}`3NSc%;J)C?^E7zo@giuOo+~03zp7bP~ zmhh$T`{vF3=6}q8{&T!}^XBbs?bu)#hHx%ZSc2%tZMMG|@%lzZX%->j6AQ%xagp#M zi?rr_;6XTzG=m4hMz9d7p`?1h?PsV0W+08a8RP|7fpFb)As8qxf{K1U@bw?J{S2KD z*oMGzNjDLtK~ICm@DeZs=`4d`A@~=fY=#gpgG0OK7lksW zIG+tSDOnUPZExGOMat3+23{2i^AG|EGZ8L8n1e740jA1}Jk<#02&D+rHw)oH1lD~n z!vA)mN|P@7nU`Y&?Jtoz6Sqnv>3g5fDnsl?n1L`Gfj&9kb+gV~i9)G^w)0wpKulZd zdqkl9$GHcXz_k;B^zRekszD&WlK_{4|4l*hAY#%#r}1MN|61cKG=5&=z1p5S;GPeu z@+;xxQ=0xIO@Bh;m58bTUl5Lc!uGSi6=92&YG! z@}`TYfq88}ApJA~udg8xd$s(F8aGbS--!Hex;*-?Uh_Y$`PTzK;j*WM^gA5;%S0QX zbA^z2zXK2x3-sZ>bTq$%{kJi^L`V=xXQOcuS%2N8HCMN<6OmLVRS=OrL?Y7Gv3c#9 zj>zT>8@gM2B0X!?cChfu0($-Ur6NEL0vwP7m-N+KsFP}7oxdBB*KD*5}8;b zmu68*QPfZjiXqS!jU^)4!9-?qPAr|xCny%9z;cl<SQCW~6eqJ>m8BN9WbU;Abl z8&72-#e4#_kFaQM{y;R95q-HtLPQerXdwz}Z$7Vx$jZb;TSxoab&)2_0ZyuMJhg<5 z=4D_EauixJHZ?Xex=3Ll#n4DMHIOA9f)wWgUX`g7rV3lMgMoP!5?i8M;o;y80MrIqr(p}#spJfj7egMu}_Gb8KcMVV~mOGAY)8ehZ$pn zx`Qz+I>H!}*1e1?gt(tECY1*nV?sO17!%4Pj4`2Y8UDqAm;GZ~V9MAtytSe5Z=V$B zmR%2yb9LKsXMNAr(c&bNXHK8PRY%K{q@8&|V%8u@SDZN^F>8|KlzHa3#H>*=M0`|Y z)-1V@_=v=;VUn$MW}n2YX>tYepv0_kvW0lN#H@L8BXOt1^gyzcxJ6=mBDsxtiNy3s zayxNIVtOXY3Y`f`Ob;aoiG{@URC0*;mER(xjvhujVbeKsfHodFQ83TFFml6N-#&R{ z{8DYP?|sKnk|@kMyXfrnaT*f`PS~G}V;(>EgNGQ61P}e7c=nqfvK!w%IsCekf2ao- z`Y-+}i$!AAftO2@%p7}q_iz65z}JIEMxVHZGH8iWSiai`f#Dv9-dn}_6@jVxb@(n6Xl0rM(-KEzSbUXJv_X=)_=;b zU_;N6ev_3Ix*N$CDu~UsFz*sHsvqoAE0tCMb9)U!ulkh_Vs%QwZ z?Xj=_w^Vns{9p@M#}a_Ut@~L1e}jeUVZ!jLS}^;^E&M34M5I_x zBL&vdr?!*z`da^RkBj{tP|x(Ew~c*kT;k7_g#W9LPy+T#G$mP-8UfBxia_9#>YhpTJHwrLhN{@KUIu9LFkN>?gs>67&opq1`Qz5E*#`5fCr zJR71>x=qGw{T(o%E!h5Jd!fqdkBzT)qyLT_MgIPi+c1-jwS#l?!#2zxJ;3{A&p-F3 zdBuFk;aoG#cyNM2#n-mI|Av#WXMC>6!j`VFe??X0B!Q=odUACaW3fa&-&ahh 
z_k_4YNW?>f*>ozlCoHz)qy34Mp}Kr%mCou*r4v_jSu3_=qP^)vsE`fG2e+09;rX4- z?V${~TKQxTWn-~oE(f)_L?M?->`G<&L#a$(Ha8%j)1hc@wpdX5L)0I-v@U|1Yijb zeZ;F14aJ!K&PM`Vf_SQWB2s(#6S z#D2>D_rw%_rSH*key&$WRRI(ieA=4gJy=C5eXnC}!~UIO`;$Rm7b7;s9^4;9n;%4& zvV12WU#?BT!tRES256M)c#?{e#FWi0E%!0L09(W1hWwsn|(FADU-(3(>gbS>N2bl8+Zid%v#)M&AMwRAKCNDoq;?E#yddzi@ zvKCRh`7=t^{{@mZW>jH&%#Ts~Vp&iViA_JDR73KX6 z=!K0}k$6NFx`-v+%?fz#1Bc(b$NN11>mDMr2D=`Ah6L$;Ch)$coqjC^@A+eLy~<)g z%mU06Ox`Q)x}Iw8lXm?hNY+QBG3@x(MZ^@>c3SCM$Xi#Xc`ByNkKUrDe;=`$d_16_ZcM z+&N5sS?c{LTmPvfGR#j=?CH;-%z*tX+P9yyXP%N7Cuqv&kc-aKM#g8Q_$4g$dDd~- zjmR}y4cawr6B^a*HJD#gjkIldm#zWbzUB<{l&)e{7YV}0 zkpDBd1wA#2|6*Bjhkt?M_Y3nTsPWVs1nczw!p-(xQnnZxMH%0jjj~^`s%5KK_p*Nm zt6jDo`JS>*Bke8Yv(;DDkGsF@v)~Dc>1C|DcSTtau~AkEzhX1sN<`j`vym0BFT%Z? zy~JRRgG>eA1KHqHyq)0fJG}i3Z<2*K2yO#s1v$S23s!kod!I+_Ek25OclzNgu-?1t zUszy`?WK%&heH1O47V{(Icbnpxgs z)VbG^I_G*9P|Lnri9+73LTKBQ2+w?K58LQA}N65Xy)v-c)y zx#N)3xdN4ZA4;yEC*FcVwcZvlyN>t6FG_=88PUB8+1_15_bXL??@TIwP@z)qk0I|> zW2+|Utz(rRJ|N3nzUFJNUM^xM9Sy<=2;U1~werkDUT+4*4>~pMSkT-O93Pn#z zq3={J6% zJG#3EJl>3I-ylk*{uyxy7yl+ zS*c`dAXDk>u*uUL07017;O1FIP3Au_`JSW9MG&49vcHc|-4*gNemit}R&qMN;1n!2 zW`6`?hR5P|aV43>D1s?w!5-V-L*pGTc(_o)N08nampcuyTp{&`S}cvy4e}d}ZM+DB zeu+&kt{8uaS{Xwy|F2kc^{}?|+C)G8^n*dLWdKGE$*Ws;9^`xyB=_FLpu4_YsG{GUU+`#rmT{iv>I=trd12;V89Jrw5i z&2M|3LlxSPd9ODd*o`{)0!F>!4SWLGzB1!=#T-~kSgxTz@EY{{f*O_vOj0W}3Kr2o z)6JSCfh4K(jF}QP2fj$n7wH5=uGHKXxPY+1sF!eKpq{cTjFXbNBhX2BrNMSEYkC5oA@gbtw*`6$*Jv}Y z4}6wJt}~jXs_kgXQ)rWEY)_BP<|%2$+lcQmFY8zV#ihP4`n;5RLe*OMUZTP;sY=_v zFQ8ZWo>Z;qhmOC64v)>3g;JVJ#naU{G>`oQ&`Q_3bC(J)-+ES~%K`cUGbmzT3&U!IBPd@y#P=n?f6X z?WAo~sMB{F<+goP%54*6RTyi=Ebtp4*&>`PIA<7J%Abaljf~PeQ{too63Q7{ zD~4i8VO*+|?Au$(k0{2zdxtU4exGLSk0M$1CR&CDKMW(EM5yLEdIsO8j7~AL74bJ< zI?b={0;s+LH_Y9u$-ovh`wUr0Yu4lNf*ChhgIRT?Bn)z)qtLwBDWsdhVq9n#7fL_O zrfC;SC(Nc3#GKE8?!A+}&M@YDmEbN7UWD=9BMRsz#2pZ^jaPAhw@--7AL>BRcNnTfRd6ck&oSd%de82 zD#NHMDIpUoJbj#h1-8?CIQmdUQUArFy{Z8WfpSqIl}*!{JtUW0;L=e#p#y`|c2UX} 
zLi^n5SpCdE?xm#^4SJv%a{{fPb;^#)OJr`9;zK83vFIgLP_U{LYYWR-x2!sVXv5?G($Le0R5^t2`i^*<_e6{s(Db^C>6n99?=N@ z%wR;$nez;Xbb+gA4~q`Lv9olsvNdOu!!eE23nz@ikeM)Pbt&88Z9eZto+%ngF@94v z4R^jC2;)3^Oafo1@tGW>f*itQa-Yo#8%yRlu3T`DHGAIHYv*5d-8K`ShK-qEFy#jA zWVLvOmXxP(pG;{e=5z9}N`EZIg<35H8dD6PZLV6>I2C z;rlxBcgOMry)xx&ko9MZB&1^544wu&BM^?EY<_HyC;Gye0`V<*&tM{tB<70Uv1Bxd zB<7e%TLeOVseVArg8kHhBnR*P2&UjFYf2s7+2-4%wWtt!F{+))gBeznF~5HPwe#cB zm+&-qDy;>`TxohxCUUqPXO(ES`SJSt#VhAa?s?E-3a%xm*hc?q7jpYhNQXNa(t++A z?0Vz-f&NUQJr*sX{!q_j3rN9TF3%NG0|{ipaXg=pRY|m?lVpeCqt3d>_)3elXQvgo z!rI-2d*906+NSlSxp%`#+pu1^<==shn~P+6(T(3SR|GGw-?8sDtK7fHzxDEZYg+8- zjr-bvetCU3KV;qXmCsv44?J(JH5VCHwb^7?v;CjBw%hu^H>`{Oqj&byTUYt#<-4sN zp!+{-mcl7=QSgUsJU%CM<8de0sx)*{pvK%1wgQG~njjj5-xV-GZuXbj_F+iPMIJ9_ zk9kd*|B$(Mx~Khs=R@{w7JDJy8J0FhaP}iYAIn7By3L!mM%p*6+kACrM{7?jlAT+6 zz@Z46{|HI85{`mIWXF}KV$=)Idp38u zH1uUfKAFuG@QEy+>d)X47++_`0f!E_aWDn?<9VqymM!x87P4j8kzLU=(zq9CS_VgP z25|^S*0FK9lo*H(MKXy5zS~9ma@hfJsS5NKvb$qiOSZ31^5*lYo0LOjWe1({jneY? z^cKq$6q_n#JX6=WH@(B*P(`TEg^_IUjS1zbzQJr>Gb;|+2)Sq`&*L=Om?9epX6iQ4 z4s;p>g^U|n$VM{J0am;S5v@2Cmo_Tt)~h>vt{ZR67!UZQa0X~X{ie-qd6~US9}L1Q z<@k6|D=S81JAqBo5brETRXIf*D9ZFBr!POLurWNqlUN8IWsS`|mk`guG|mBhnS zbml;B3f&$_w-6sHx-Ynr1KGH4?1Ho$W1^54QjGlCvhIKR?Dq~=tgi1n@*@t~NfxDs z8ppP*E1Up}QS-rqZo^4K6dg=^JY_drw)6y0C@@{=H{sYc+=Xgsde zW6+FyXxyPw&#l3nL@pCebGiVxDst22^=koes4licS~Ag%BD&?>j^9~Km=GjA(icR(Sw1p3NlWw?_8<-{*6144<$w#X+nsBAiYIk45efSe|T%GcSjkgE8DI z%iEnx!QmXW$dpaRL=4lIi0mrxqz5}g9U%w3u=a>$7T9s{z_ zO>!D%pN{TIL=9|v;BG0)@XrXSZ+|b_9ioO9e8%0E^ z$kQtNuCObD$2L(fJ)57r`r~4P43oAc<_igD9jeTe&r|i0 z999j;HkFGVIuv~llMgDZrx1=jA;S4R1JI4QkW+EeNul>9a)TnA$rcjfHEY`!7ozI?_#Y8w($ma0&5?9fUF_xKyIF9jxm>n2MU_6E6iQZy=B#NoNA19bK z94z+oaWjs2BFUjedwX+eW6g<)i)BhBjsX(DC2B4DPVRHS#6>S&0@S||0CGm=mK!vI1E*tzg#C9g)@`D#UdJTJ5nd?%20=!_ZOgMhbO$;Wdc;%jo z=HWVfH3Hs6Bp=Tmy#&DXM$Y9V+mL}Jd6wn!yif}iaevz>m-!6*I>9qWO!J)4&ERW6 z+FdT7h#_EiOUm$^(lcP7J&r!c*trsE1c#63n!XFZ!jhBuz_(D!4K_ef-2VH!8e?Nl8>2#EUMq7F9M{xAVw*dcBXS!u 
z$Vb1t1-`ey=bY&#ufr!_NP*cV@?RM2EO9@=xg5Uxkm2Y{;t+2Vd=8DgPWn%grcbDk z=d<_^%}YqLJ$R9ie*QE9^^uQ<4A)~*iTTdu==(e}9KH_lb^H##FT417X1E7@jt=T{ z(oehic%E$=_}GV>i+l_x5NHqW;{n%WzoXo5fKL0Ii+meg8BX&1U~tmpeWP4$S2%J` z-T!_H-w`x?i^Jri{nC{t`33NO3p$<4DeJ$G;iO5sKZH|H>=gQPXgt&Jq)BS7LHn`t z`f_OeIOU{CI(muvPs`zR{2bDJOElrH!MC0ROJCH%P=VkoM$Cf1B3A)UlCjHdaqn`p z5yr^H$md=e%Y_T%*mdjcxl)MZj!~dH`jC9v#sA2dss2tA^4~6nRmq(H6jmj0o>N#A z!1+vJ)!UtOj+Pt|YJO657>F&P3|mnZjzsaz0QP zgANzRy~5~}xH!HQRvm@oSYdijjaP-)Dr#IR%u}60aQrE(o+un=3Rg24|JTUUr$#w$ z6n&YGS(f~J&5hkN9_5|g8pUJDzvSHf^CtjO7XB}EUzP~D zA?O!R>L)h-ol+iBY{c$5GQl|EJfRQlBNrt(jv|6lfSo^~$U`=|pD z6aRb)p6@E)eEcr5l>dG0n_B*5P{_ShnqlIJbcL$`mcJgD&kfQI{0-Ly?DS6qE1vDZ zPX9D;WO4wQKc6W6aUbtihtGo&cB{s{gBwJ>%(u9&V0*%J^6W`*OxRstTET1tZxf2=QmZK znW77r>o&?%qCKwzcGri`QvPPewFc=o1M_nJ4ZR!KnJ-!Yj{`e<&*Xnt^S=ohmj5iU zTmK6#9KzqfKLvK42bK6c_-9&vgO>l5#?HT_9{r4bQPXDtyX~0^d{p<>O6=D!1?Kt* z>}b#bIM=S_AJ_8N0Y9PXtj`C4-S+MzKMoHuVt?2-iC!*7Nzhja@k3LvSjG1)Y+Z)< z-gM==_?YZ`Lt4dC*@eZa%#|YAn_4ViIN$Mk?Ma`E8YqwVRD5I6AGF@#hT&u_zuzIK z$+Gx%#xG_pp6|B!riR!0wCiVDe$~nsihX?`MI!6)AtBPy-ra+LY$K8Nlh9S`#z}+t z;TG;5OeYG7co@4Bk$5)JpU(DTpHRLON20|c{Njoi-AKGRFtEo_-MVT0gk}e9=vs3% zcF8n}#W?8+t@4dqYJImZmods_addr); - unsigned long start, policy_len; - char *policy_start; - - /* - * Try all modules and see whichever could be the binary policy. - * Adjust the initrdidx if module[1] is the binary policy. - */ - for ( i = mbi->mods_count-1; i >= 1; i-- ) - { - start = initial_images_start + (mod[i].mod_start-mod[0].mod_start); - policy_start = maddr_to_bootstrap_virt(start); - policy_len = mod[i].mod_end - mod[i].mod_start; - if ( acm_is_policy(policy_start, policy_len) ) - { - printk("Policy len 0x%lx, start at %p - module %d.\n", - policy_len, policy_start, i); - *_policy_start = policy_start; - *_policy_len = policy_len; - if ( i == 1 ) - *initrdidx = (mbi->mods_count > 2) ? 2 : 0; - break; - } - } -} - static void __init init_idle_domain(void) { struct domain *idle_domain; 
@@ -448,8 +414,6 @@ void __init __start_xen(unsigned long mbi_p) char *cmdline, *kextra; unsigned long _initrd_start = 0, _initrd_len = 0; unsigned int initrdidx = 1; - char *_policy_start = NULL; - unsigned long _policy_len = 0; multiboot_info_t *mbi = __va(mbi_p); module_t *mod = (module_t *)__va(mbi->mods_addr); unsigned long nr_pages, modules_length; @@ -1032,12 +996,6 @@ void __init __start_xen(unsigned long mbi_p) if ( opt_watchdog ) watchdog_enable(); - /* Extract policy from multiboot. */ - extract_acm_policy(mbi, &initrdidx, &_policy_start, &_policy_len); - - /* initialize access control security module */ - acm_init(_policy_start, _policy_len); - /* Create initial domain 0. */ dom0 = domain_create(0, 0, DOM0_SSIDREF); if ( (dom0 == NULL) || (alloc_vcpu(dom0, 0, 0) == NULL) ) diff --git a/xen/arch/x86/x86_32/entry.S b/xen/arch/x86/x86_32/entry.S index 6f243b8d1b..245622401d 100644 --- a/xen/arch/x86/x86_32/entry.S +++ b/xen/arch/x86/x86_32/entry.S @@ -665,7 +665,7 @@ ENTRY(hypercall_table) .long do_vcpu_op .long do_ni_hypercall /* 25 */ .long do_mmuext_op - .long do_acm_op + .long do_xsm_op .long do_nmi_op .long do_sched_op .long do_callback_op /* 30 */ @@ -676,7 +676,6 @@ ENTRY(hypercall_table) .long do_sysctl /* 35 */ .long do_domctl .long do_kexec_op - .long do_xsm_op .rept NR_hypercalls-((.-hypercall_table)/4) .long do_ni_hypercall .endr @@ -709,7 +708,7 @@ ENTRY(hypercall_args_table) .byte 3 /* do_vcpu_op */ .byte 0 /* do_ni_hypercall */ /* 25 */ .byte 4 /* do_mmuext_op */ - .byte 1 /* do_acm_op */ + .byte 1 /* do_xsm_op */ .byte 2 /* do_nmi_op */ .byte 2 /* do_sched_op */ .byte 2 /* do_callback_op */ /* 30 */ @@ -720,7 +719,6 @@ ENTRY(hypercall_args_table) .byte 1 /* do_sysctl */ /* 35 */ .byte 1 /* do_domctl */ .byte 2 /* do_kexec_op */ - .byte 1 /* do_xsm_op */ .rept NR_hypercalls-(.-hypercall_args_table) .byte 0 /* do_ni_hypercall */ .endr 
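Review bot: Dropping the extract_acm_policy() call from __start_xen also drops the only code in this file that bumped initrdidx past a binary-policy multiboot module, and nothing added in this hunk replaces it; if the XSM boot path that now fills policy_buffer/policy_size (consumed by acm_init in acm_core.c) does not perform the same adjustment, dom0 is handed the policy blob as its initrd. That XSM code is not visible here and __start_xen continues outside the hunk, so this is worth confirming rather than assuming. Since acm_is_policy() is no longer called from here, the XSM module detection must also recognise the ACM magic on its own; a short comment near the dom0 creation, e.g. `/* boot policy detection and initrdidx fixup now live in the XSM init path */`, would record where that responsibility moved.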
diff --git a/xen/arch/x86/x86_64/compat/entry.S b/xen/arch/x86/x86_64/compat/entry.S index fed4f66e98..8bf2dd010b 100644 --- a/xen/arch/x86/x86_64/compat/entry.S +++ b/xen/arch/x86/x86_64/compat/entry.S @@ -331,7 +331,7 @@ ENTRY(compat_hypercall_table) .quad compat_vcpu_op .quad compat_ni_hypercall /* 25 */ .quad compat_mmuext_op - .quad do_acm_op + .quad do_xsm_op .quad compat_nmi_op .quad compat_sched_op .quad compat_callback_op /* 30 */ @@ -374,7 +374,7 @@ ENTRY(compat_hypercall_args_table) .byte 3 /* compat_vcpu_op */ .byte 0 /* compat_ni_hypercall */ /* 25 */ .byte 4 /* compat_mmuext_op */ - .byte 1 /* do_acm_op */ + .byte 1 /* do_xsm_op */ .byte 2 /* compat_nmi_op */ .byte 2 /* compat_sched_op */ .byte 2 /* compat_callback_op */ /* 30 */ diff --git a/xen/arch/x86/x86_64/entry.S b/xen/arch/x86/x86_64/entry.S index 69f2725304..b6f5011055 100644 --- a/xen/arch/x86/x86_64/entry.S +++ b/xen/arch/x86/x86_64/entry.S @@ -601,7 +601,7 @@ ENTRY(hypercall_table) .quad do_vcpu_op .quad do_set_segment_base /* 25 */ .quad do_mmuext_op - .quad do_acm_op + .quad do_xsm_op .quad do_nmi_op .quad do_sched_op .quad do_callback_op /* 30 */ @@ -612,7 +612,6 @@ ENTRY(hypercall_table) .quad do_sysctl /* 35 */ .quad do_domctl .quad do_kexec_op - .quad do_xsm_op .rept NR_hypercalls-((.-hypercall_table)/8) .quad do_ni_hypercall .endr @@ -645,7 +644,7 @@ ENTRY(hypercall_args_table) .byte 3 /* do_vcpu_op */ .byte 2 /* do_set_segment_base */ /* 25 */ .byte 4 /* do_mmuext_op */ - .byte 1 /* do_acm_op */ + .byte 1 /* do_xsm_op */ .byte 2 /* do_nmi_op */ .byte 2 /* do_sched_op */ .byte 2 /* do_callback_op */ /* 30 */ diff --git a/xen/common/Makefile b/xen/common/Makefile index ffd3565e51..e0ce3587e9 100644 --- a/xen/common/Makefile +++ b/xen/common/Makefile @@ -1,4 +1,3 @@ -obj-y += acm_ops.o obj-y += bitmap.o obj-y += domctl.o obj-y += domain.o diff --git a/xen/common/domain.c b/xen/common/domain.c index b7f68a236f..0e48eeeda4 100644 --- a/xen/common/domain.c +++ b/xen/common/domain.c 
@@ -28,7 +28,6 @@ #include #include #include -#include #include /* Protect updates/reads (resp.) of domain_list and domain_hash. */ @@ -189,7 +188,7 @@ struct domain *domain_create( domid_t domid, unsigned int domcr_flags, ssidref_t ssidref) { struct domain *d, **pd; - enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_acm = 4, INIT_arch = 8 }; + enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_arch = 8 }; int init_status = 0; if ( (d = alloc_domain(domid)) == NULL ) @@ -215,10 +214,6 @@ struct domain *domain_create( if ( grant_table_create(d) != 0 ) goto fail; init_status |= INIT_gnttab; - - if ( acm_domain_create(d, ssidref) != 0 ) - goto fail; - init_status |= INIT_acm; } if ( arch_domain_create(d) != 0 ) @@ -254,8 +249,6 @@ struct domain *domain_create( atomic_set(&d->refcnt, DOMAIN_DESTROYED); if ( init_status & INIT_arch ) arch_domain_destroy(d); - if ( init_status & INIT_acm ) - acm_domain_destroy(d); if ( init_status & INIT_gnttab ) grant_table_destroy(d); if ( init_status & INIT_evtchn ) @@ -483,8 +476,6 @@ static void complete_domain_destroy(struct rcu_head *head) sched_destroy_vcpu(v); } - acm_domain_destroy(d); - rangeset_domain_destroy(d); grant_table_destroy(d); diff --git a/xen/common/domctl.c b/xen/common/domctl.c index c1c391e82d..0b13cd9f69 100644 --- a/xen/common/domctl.c +++ b/xen/common/domctl.c @@ -23,7 +23,6 @@ #include #include #include -#include #include extern long arch_do_domctl( @@ -124,11 +123,6 @@ void getdomaininfo(struct domain *d, struct xen_domctl_getdomaininfo *info) if ( is_hvm_domain(d) ) info->flags |= XEN_DOMINF_hvm_guest; - if ( d->ssid != NULL ) - info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref; - else - info->ssidref = ACM_DEFAULT_SSID; - xsm_security_domaininfo(d, info); info->tot_pages = d->tot_pages; diff --git a/xen/common/event_channel.c b/xen/common/event_channel.c index 145a238ccf..1ca80edb38 100644 --- a/xen/common/event_channel.c +++ b/xen/common/event_channel.c 
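Review bot: With acm_domain_create() removed from domain_create and INIT_acm dropped from the cleanup, the hunk no longer shows where the ssid now allocated through the XSM domain_create hook (acm_domain_create in acm_xsm_ops) is released when a later step takes the `fail` path; no xsm free call replaces the removed acm_domain_destroy there. If the XSM hook runs before grant_table_create/arch_domain_create, the failure path needs the matching free; if it runs after them, confirm that ordering is intended. The enum can also become `enum { INIT_evtchn = 1, INIT_gnttab = 2, INIT_arch = 4 };` now that bit 4 is unused. domain_create continues outside this hunk.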
@@ -29,7 +29,6 @@ #include #include -#include #include #define bucket_from_port(d,p) \ @@ -122,9 +121,6 @@ static long evtchn_alloc_unbound(evtchn_alloc_unbound_t *alloc) domid_t dom = alloc->dom; long rc; - if ( (rc = acm_pre_eventchannel_unbound(dom, alloc->remote_dom)) != 0 ) - return rc; - if ( dom == DOMID_SELF ) dom = current->domain->domain_id; else if ( !IS_PRIV(current->domain) ) @@ -166,9 +162,6 @@ static long evtchn_bind_interdomain(evtchn_bind_interdomain_t *bind) domid_t rdom = bind->remote_dom; long rc; - if ( (rc = acm_pre_eventchannel_interdomain(rdom)) != 0 ) - return rc; - if ( rdom == DOMID_SELF ) rdom = current->domain->domain_id; diff --git a/xen/common/grant_table.c b/xen/common/grant_table.c index e240452f14..67d0f5d3bd 100644 --- a/xen/common/grant_table.c +++ b/xen/common/grant_table.c @@ -32,7 +32,6 @@ #include #include #include -#include #include #ifndef max_nr_grant_frames @@ -212,12 +211,6 @@ __gnttab_map_grant_ref( return; } - if ( acm_pre_grant_map_ref(op->dom) ) - { - op->status = GNTST_permission_denied; - return; - } - if ( unlikely((rd = rcu_lock_domain_by_id(op->dom)) == NULL) ) { gdprintk(XENLOG_INFO, "Could not find domain %d\n", op->dom); diff --git a/xen/include/acm/acm_hooks.h b/xen/include/acm/acm_hooks.h index becf554753..896a901250 100644 --- a/xen/include/acm/acm_hooks.h +++ b/xen/include/acm/acm_hooks.h @@ -145,8 +145,6 @@ static inline int acm_pre_grant_map_ref(domid_t id) { return 0; } static inline int acm_pre_grant_setup(domid_t id) { return 0; } -static inline int acm_init(char *policy_start, unsigned long policy_len) -{ return 0; } static inline int acm_is_policy(char *buf, unsigned long len) { return 0; } static inline int acm_sharing(ssidref_t ssidref1, ssidref_t ssidref2) 
@@ -331,8 +329,6 @@ static inline int acm_authorization(ssidref_t ssidref1, ssidref_t ssidref2) } -extern int acm_init(char *policy_start, unsigned long policy_len); - /* Return true iff buffer has an acm policy magic number. */ extern int acm_is_policy(char *buf, unsigned long len); diff --git a/xen/include/public/acm.h b/xen/include/public/acm.h index 7f37ff9469..79fc510746 100644 --- a/xen/include/public/acm.h +++ b/xen/include/public/acm.h @@ -150,8 +150,8 @@ struct acm_policy_version * tools that assume packed representations (e.g. the java tool) */ struct acm_policy_buffer { - uint32_t policy_version; /* ACM_POLICY_VERSION */ uint32_t magic; + uint32_t policy_version; /* ACM_POLICY_VERSION */ uint32_t len; uint32_t policy_reference_offset; uint32_t primary_policy_code; diff --git a/xen/include/public/xen.h b/xen/include/public/xen.h index 0017c3fa5d..3a06ebfe21 100644 --- a/xen/include/public/xen.h +++ b/xen/include/public/xen.h @@ -69,7 +69,7 @@ #define __HYPERVISOR_vcpu_op 24 #define __HYPERVISOR_set_segment_base 25 /* x86/64 only */ #define __HYPERVISOR_mmuext_op 26 -#define __HYPERVISOR_acm_op 27 +#define __HYPERVISOR_xsm_op 27 #define __HYPERVISOR_nmi_op 28 #define __HYPERVISOR_sched_op 29 #define __HYPERVISOR_callback_op 30 @@ -80,7 +80,6 @@ #define __HYPERVISOR_sysctl 35 #define __HYPERVISOR_domctl 36 #define __HYPERVISOR_kexec_op 37 -#define __HYPERVISOR_xsm_op 38 /* Architecture-specific hypercall definitions. */ #define __HYPERVISOR_arch_0 48 diff --git a/xen/include/xen/hypercall.h b/xen/include/xen/hypercall.h index 3fc9b3ee4f..5313b9a1d8 100644 --- a/xen/include/xen/hypercall.h +++ b/xen/include/xen/hypercall.h @@ -12,7 +12,6 @@ #include #include #include -#include #include #include #include @@ -97,10 +96,6 @@ do_vcpu_op( int vcpuid, XEN_GUEST_HANDLE(void) arg); -extern long -do_acm_op( - XEN_GUEST_HANDLE(xen_acmctl_t) arg); - extern long do_nmi_op( unsigned int cmd, 
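Review bot: Reordering magic ahead of policy_version changes the layout of the public acm_policy_buffer structure carried by binary policy files, but ACM_POLICY_VERSION is not bumped in this hunk, so a policy produced by the previous tools would have its first two words read transposed and the version check could not detect it. If the reorder is presumably there so the magic sits at offset 0 for the XSM module detection, bump the version in the same change and add a comment such as `/* magic must stay first: the boot-policy loader identifies the module by it */`. The diffstat shows no change to the policy-generating tools; confirm they are updated to the new layout.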
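Review bot: Hypercall slot 27 now dispatches to do_xsm_op while __HYPERVISOR_xsm_op is removed from slot 38, so a toolstack built against either earlier numbering reaches a handler that expects a different argument type; the layouts of xen_acmctl_t (the previous do_acm_op argument, per the hypercall.h hunk) and xsm_op_t must be compatible for that to be safe, and nothing in the public header records the change. The same renumbering is applied in the x86_32, x86_64 and compat entry.S tables. A note on the define, e.g. `#define __HYPERVISOR_xsm_op 27 /* was __HYPERVISOR_acm_op; argument is xsm_op_t */`, would document the ABI change, and since the diffstat only touches xc_acm.c on the tools side it is worth confirming no other user of __HYPERVISOR_acm_op remains.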
@@ -117,6 +112,10 @@ do_kexec_op( int arg1, XEN_GUEST_HANDLE(void) arg); +extern long +do_xsm_op( + XEN_GUEST_HANDLE(xsm_op_t) u_xsm_op); + #ifdef CONFIG_COMPAT extern int @@ -126,8 +125,4 @@ compat_memory_op( #endif -extern long -do_xsm_op( - XEN_GUEST_HANDLE(xsm_op_t) u_xsm_op); - #endif /* __XEN_HYPERCALL_H__ */ diff --git a/xen/xsm/Makefile b/xen/xsm/Makefile index 7099d3741f..725f98e377 100644 --- a/xen/xsm/Makefile +++ b/xen/xsm/Makefile @@ -5,3 +5,4 @@ obj-y += dummy.o endif subdir-$(FLASK_ENABLE) += flask +subdir-$(ACM_SECURITY) += acm diff --git a/xen/acm/Makefile b/xen/xsm/acm/Makefile similarity index 76% rename from xen/acm/Makefile rename to xen/xsm/acm/Makefile index c16be20c3a..b3ddbc13c8 100644 --- a/xen/acm/Makefile +++ b/xen/xsm/acm/Makefile @@ -3,3 +3,5 @@ obj-y += acm_policy.o obj-y += acm_simple_type_enforcement_hooks.o obj-y += acm_chinesewall_hooks.o obj-y += acm_null_hooks.o +obj-y += acm_xsm_hooks.o +obj-y += acm_ops.o diff --git a/xen/acm/acm_chinesewall_hooks.c b/xen/xsm/acm/acm_chinesewall_hooks.c similarity index 100% rename from xen/acm/acm_chinesewall_hooks.c rename to xen/xsm/acm/acm_chinesewall_hooks.c diff --git a/xen/acm/acm_core.c b/xen/xsm/acm/acm_core.c similarity index 97% rename from xen/acm/acm_core.c rename to xen/xsm/acm/acm_core.c index a989d4c581..57a4370d71 100644 --- a/xen/acm/acm_core.c +++ b/xen/xsm/acm/acm_core.c @@ -31,6 +31,7 @@ #include #include #include +#include /* debug: * include/acm/acm_hooks.h defines a constant ACM_TRACE_MODE; @@ -49,6 +50,8 @@ void acm_init_ste_policy(void); extern struct acm_operations acm_chinesewall_ops, acm_simple_type_enforcement_ops, acm_null_ops; +extern struct xsm_operations acm_xsm_ops; + /* global ACM policy (now dynamically determined at boot time) */ u16 acm_active_security_policy = ACM_POLICY_UNDEFINED; 
@@ -269,14 +272,15 @@ acm_setup(char *policy_start, } -int __init -acm_init(char *policy_start, - unsigned long policy_len) +int +acm_init(void) { int ret = ACM_OK; + printk("ACM-XSM: Initializing.\n"); + /* first try to load the boot policy (uses its own locks) */ - acm_setup(policy_start, policy_len, 1); + acm_setup(policy_buffer, policy_size, 1); /* a user-provided policy may have any name; only matched during boot */ acm_accepted_boot_policy_name = NULL; @@ -311,9 +315,15 @@ acm_init(char *policy_start, /* here one could imagine a clean panic */ return -EINVAL; } + + if (register_xsm(&acm_xsm_ops)) + panic("ACM-XSM: Unable to register with XSM.\n"); + return ret; } +xsm_initcall(acm_init); + int acm_init_domain_ssid(struct domain *subj, ssidref_t ssidref) { struct acm_ssid_domain *ssid; diff --git a/xen/acm/acm_null_hooks.c b/xen/xsm/acm/acm_null_hooks.c similarity index 100% rename from xen/acm/acm_null_hooks.c rename to xen/xsm/acm/acm_null_hooks.c diff --git a/xen/common/acm_ops.c b/xen/xsm/acm/acm_ops.c similarity index 100% rename from xen/common/acm_ops.c rename to xen/xsm/acm/acm_ops.c diff --git a/xen/acm/acm_policy.c b/xen/xsm/acm/acm_policy.c similarity index 100% rename from xen/acm/acm_policy.c rename to xen/xsm/acm/acm_policy.c diff --git a/xen/acm/acm_simple_type_enforcement_hooks.c b/xen/xsm/acm/acm_simple_type_enforcement_hooks.c similarity index 100% rename from xen/acm/acm_simple_type_enforcement_hooks.c rename to xen/xsm/acm/acm_simple_type_enforcement_hooks.c diff --git a/xen/xsm/acm/acm_xsm_hooks.c b/xen/xsm/acm/acm_xsm_hooks.c new file mode 100644 index 0000000000..6affebdf23 --- /dev/null +++ b/xen/xsm/acm/acm_xsm_hooks.c 
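Review bot: acm_init() still returns -EINVAL before reaching the new register_xsm() call when the boot policy fails to load, so a malformed or missing boot policy leaves the dummy XSM module in place and ACM silently unregistered; with the old direct hooks the ACM code stayed active in that case, and now even do_acm_op is unreachable through __do_xsm_op, so a policy cannot be supplied later either. Either register first so the failure is still reported and the loader path stays available, `if ( register_xsm(&acm_xsm_ops) ) panic("ACM-XSM: Unable to register with XSM.\n");` ahead of the acm_setup() call, or treat the policy failure the way the register failure is treated, as the existing "one could imagine a clean panic" comment already hints. The return value of an xsm_initcall is presumably ignored by the caller, which is why the early return is invisible at boot; confirm that against the initcall runner. The function also lost its __init annotation; if xsm_initcall references it only from init data, keeping `__init` avoids leaving boot-only code resident.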
@@ -0,0 +1,72 @@
+/****************************************************************
+ * acm_xsm_hooks.c
+ *
+ * Copyright (C) 2005 IBM Corporation
+ *
+ * Author:
+ * Reiner Sailer
+ *
+ * Contributors:
+ * Michael LeMay,
+ * George Coker,
+ *
+ * sHype hooks for XSM based on the original ACM hooks.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, version 2 of the
+ * License.
+ *
+ */
+
+#include
+#include
+#include
+
+static int acm_grant_mapref (struct domain *ld, struct domain *rd,
+ uint32_t flags)
+{
+ domid_t id = rd->domain_id;
+
+ return acm_pre_grant_map_ref(id);
+}
+
+static int acm_evtchn_unbound (struct domain *d1, struct evtchn *chn1, domid_t id2)
+{
+ domid_t id1 = d1->domain_id;
+
+ return acm_pre_eventchannel_unbound(id1, id2);
+}
+
+static int acm_evtchn_interdomain (struct domain *d1, struct evtchn *chn1,
+ struct domain *d2, struct evtchn *chn2)
+{
+ domid_t id2 = d2->domain_id;
+
+ return acm_pre_eventchannel_interdomain(id2);
+}
+
+static void acm_security_domaininfo (struct domain *d,
+ struct xen_domctl_getdomaininfo *info)
+{
+ if ( d->ssid != NULL )
+ info->ssidref = ((struct acm_ssid_domain *)d->ssid)->ssidref;
+ else
+ info->ssidref = ACM_DEFAULT_SSID;
+}
+
+extern long do_acm_op(XEN_GUEST_HANDLE(xsm_op_t) arg);
+
+struct xsm_operations acm_xsm_ops = {
+ .domain_create = acm_domain_create,
+ .free_security_domain = acm_domain_destroy,
+
+ .grant_mapref = acm_grant_mapref,
+
+ .evtchn_unbound = acm_evtchn_unbound,
+ .evtchn_interdomain = acm_evtchn_interdomain,
+
+ .security_domaininfo = acm_security_domaininfo,
+
+ .__do_xsm_op = do_acm_op,
+};
-- 2.30.2
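Review bot: `extern long do_acm_op(XEN_GUEST_HANDLE(xsm_op_t) arg);` declares a parameter type that does not match the definition: hypercall.h declared do_acm_op with XEN_GUEST_HANDLE(xen_acmctl_t) until this commit removed it, and acm_ops.c is moved at 100% similarity, so its definition is unchanged. Because the declaration and definition sit in different translation units the compiler cannot flag the mismatch, and calling a function through an incompatible prototype is undefined behaviour even if the two handle types happen to share a layout. Put the prototype in the ACM header where acm_ops.c sees it, and either change the definition to take xsm_op_t and convert inside, or wrap it here with a `static long acm_do_xsm_op(XEN_GUEST_HANDLE(xsm_op_t) op)` that performs the cast so the ops table is typed correctly. The wrappers above deliberately ignore ld, flags and the evtchn pointers to keep the old per-domid semantics; a one-line comment on each saying so, e.g. `/* ACM decides on remote domid only; ld and flags unused */`, would stop the unused parameters from being read as an oversight.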